RFR: 8267319: Use larger default key sizes and algorithms based on CNSA [v3]

Weijun Wang weijun at openjdk.java.net
Wed Mar 9 19:49:45 UTC 2022


On Wed, 9 Mar 2022 19:15:36 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

>> It's been several years since we increased the default key sizes. Before shifting to PQC, NSA replaced its Suite B cryptography recommendations with the Commercial National Security Algorithm Suite which suggests:
>> 
>> - SHA-384 for secure hashing
>> - AES-256 for symmetric encryption
>> - RSA with 3072 bit keys for digital signatures and for key exchange
>> - Diffie Hellman (DH) with 3072 bit keys for key exchange
>> - Elliptic curve [P-384] for key exchange (ECDH) and for digital signatures (ECDSA)
>> 
>> So, this proposed changes made the suggested key size and algorithm changes. The changes are mostly in keytool, jarsigner and their regression tests, so @wangweij Could you please take a look?
>> 
>> Thanks!
>
> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Update JarSigner javadoc to make it consistent with previous update

Sorry if my previous comment confused you, the code and javadoc are not consistent now.

src/java.base/share/classes/sun/security/util/SignatureUtil.java line 561:

> 559:             return (isDSA || bitLength >= 624 ? "SHA384" : "SHA256");
> 560:         }
> 561:     }

In this method, "SHA-384" for 7680-bit key (7680 > 7680 is false).

src/jdk.jartool/share/classes/jdk/security/jarsigner/JarSigner.java line 439:

> 437:          * Specifically, if a DSA or RSA key with a key size no less than 7680
> 438:          * bits, or an EC key with a key size no less than 512 bits,
> 439:          * SHA-512 will be used as the hash function for the signature.

In this javadoc, SHA-512 for 7680-bit key (7680 is no less than 7680).

-------------

PR: https://git.openjdk.java.net/jdk/pull/7652



More information about the security-dev mailing list